Production Deployment Validation
CAVRA now exposes a deployment readiness report for authenticated console/API topologies.
```
GET /deployment/production-readiness
```
The report checks:
- OIDC configuration.
- Repository RBAC configuration.
- Restricted CORS origins.
- Evidence artifact root configuration.
- Policy pack catalog availability.
- Persistent API store presence.
- Opt-in Go backend pilot mode, runtime binary path, compiled policy path, optional registry path, Python fallback, and parity gate evidence.
- Go backend CI runner bundle metadata, workstation channel manifest, and updater policy readiness.
- Go backend promotion readiness when `promoted` mode or promotion evidence is configured.
- Go backend rollback readiness when `promoted` mode or rollback plan evidence is configured.
- Go backend rollback rehearsal readiness when `promoted` mode or rehearsal evidence is configured.
- Go backend rollback drill history when `promoted` mode or drill history evidence is configured.
- Go backend rollback drill schedule when `promoted` mode or schedule evidence is configured.
- Community GA policy control hardening references for Ed25519 policy signing, golden decision snapshots, runtime mode behavior, and public deployment guide validation.
```bash
curl http://127.0.0.1:8000/deployment/production-readiness
```

Run this in the same environment that hosts the API and console. Attach the report to release evidence before enterprise pilots. For the public Community path, also run the policy signing workflow and golden decision tests before publishing a release:

```bash
cavra policy keygen --output .cavra/policy-signing --key-id community-ga-policy-key
cavra policy sign policies/cavra-ai-agent-baseline/policy.yaml --signer platform-security --private-key .cavra/policy-signing/community-ga-policy-key.private.pem --key-id community-ga-policy-key
cavra policy verify policies/cavra-ai-agent-baseline/policy.yaml --public-key .cavra/policy-signing/community-ga-policy-key.public.pem
python3 -m pytest -q tests/test_golden_decisions.py
```

The sandbox console includes a Production Readiness panel that displays deployment status, checks, store summary, Go backend pilot status, Go backend deployment readiness, Go promotion readiness, Go rollback readiness, rollback rehearsal status, latest rollback drill, recovery target, next drill due date, notification routes, evidence references, and operator notes.
- As a platform engineer, I can validate whether production identity, RBAC, CORS, evidence, persistence controls, Community policy signing, golden decisions, runtime modes, optional Go backend pilot inputs, Go backend rollout metadata, promotion evidence, rollback controls, rollback rehearsal evidence, rollback drill history, and rollback drill scheduling are configured.
- As a security architect, I can detect missing controls before exposing the console to enterprise users.
- As an auditor, I can attach a readiness report to release evidence.
Deployment validation turns production readiness into a repeatable control check. It helps teams avoid launching a console/API topology without identity, RBAC, evidence retrieval, CORS restrictions, persistent stores, signed policy packs, golden decision regression coverage, explicit runtime modes, Go backend pilot evidence, CI runner and workstation rollout controls, promotion approval evidence, rollback controls, rollback rehearsal evidence, fresh rollback drill history, or active rollback drill scheduling when promoted mode is enabled.
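
One way to use the report as a release gate, as an added example that is not CAVRA's own code: it fails closed when a required check is missing or not explicitly passing, and records a SHA-256 of the report so the exact bytes can be attached to release evidence. The JSON field names, check names and status values are assumptions, since this page does not document the response schema.

```python
import hashlib
import json

# Hypothetical names for the always-required controls listed on this page.
# Optional checks (for example the Go backend pilot) block only on failure.
REQUIRED = ("oidc", "rbac", "cors", "evidence_root", "policy_catalog",
            "persistent_store")

# Constructed sample report (assumed schema, not captured CAVRA output).
SAMPLE_REPORT = json.dumps({
    "status": "ready",
    "checks": [
        {"name": "oidc", "status": "pass"},
        {"name": "rbac", "status": "pass"},
        {"name": "cors", "status": "fail", "detail": "wildcard origin"},
        {"name": "evidence_root", "status": "pass"},
        {"name": "persistent_store", "status": "warn"},
        {"name": "go_backend_pilot", "status": "skipped"},
    ],
})


def gate(raw, required=REQUIRED):
    """Fail closed: a required check must be present and explicitly 'pass'."""
    # Hash the raw bytes so the evidence record pins the exact report reviewed.
    digest = hashlib.sha256(raw.encode("utf-8")).hexdigest()
    try:
        report = json.loads(raw)
        checks = {c["name"]: c.get("status") for c in report["checks"]}
    except (ValueError, KeyError, TypeError):
        return {"release_ok": False, "blocking": ["unparseable report"],
                "sha256": digest}
    blocking = [f"{name}: {checks.get(name, 'missing')}"
                for name in required if checks.get(name) != "pass"]
    # Optional checks block the release only on an explicit failure.
    blocking += [f"{name}: fail" for name, status in checks.items()
                 if name not in required and status == "fail"]
    # The top-level "status" is ignored; the per-check results decide.
    return {"release_ok": not blocking, "blocking": blocking, "sha256": digest}


if __name__ == "__main__":
    result = gate(SAMPLE_REPORT)
    print(json.dumps(result, indent=2))
    raise SystemExit(0 if result["release_ok"] else 1)
```

The sample deliberately carries a top-level `ready` status alongside a failing CORS check and an absent policy catalog check, so the gate still blocks the release.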
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?